export async function onRequest(context) {
  const { request, next } = context;
  const url = new URL(request.url);

  // 添加安全头和缓存控制
  const response = await next();

  // 设置安全头
  const headers = new Headers(response.headers);
  headers.set('X-Content-Type-Options', 'nosniff');
  headers.set('X-Frame-Options', 'DENY');
  headers.set('X-XSS-Protection', '1; mode=block');

  // 为静态资源设置缓存
  if (url.pathname.match(/\.(css|js|png|jpg|jpeg|gif|svg|ico|woff|woff2)$/)) {
    headers.set('Cache-Control', 'public, max-age=31536000');
  } else {
    headers.set('Cache-Control', 'public, max-age=3600');
  }

  return new Response(response.body, {
    status: response.status,
    statusText: response.statusText,
    headers: headers
  });
}